01-30-2017, 11:53 PM
|
#1
|
Member
Registered: Mar 2012
Location: Karachi
Distribution: Ubuntu, RedHat, CentOs,
Posts: 104
Rep: 
|
Limit retries for secured directory with .htaccess file
I'm using Ubuntu 14.04 with the Apache web server enabled. Due to security concerns I have password-protected an Apache directory with .htaccess.
Is it possible to block too many password attempts?
Regards,
Majid Hussain
|
|
|
01-31-2017, 03:03 AM
|
#2
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,233
|
Quote:
Originally Posted by gemmajid
I'm using Ubuntu 14.04 with the Apache web server enabled. Due to security concerns I have password-protected an Apache directory with .htaccess.
Is it possible to block too many password attempts?
Regards,
Majid Hussain
|
This is possible either using fail2ban, or the mod_security apache module.
See the following examples about their usage: fail2ban, mod_security
Regards
|
|
|
01-31-2017, 04:56 AM
|
#3
|
Member
Registered: Mar 2012
Location: Karachi
Distribution: Ubuntu, RedHat, CentOs,
Posts: 104
Original Poster
Rep: 
|
Thank you bathory for your quick response. I had tried fail2ban but it's not working. It doesn't block anything.
|
|
|
01-31-2017, 06:16 AM
|
#4
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,233
|
Quote:
Originally Posted by gemmajid
Thank you bathory for your quick response. I had tried fail2ban but it's not working. It doesn't block anything.
|
What did you try that's not working?
There is the "apache-auth" jail that does exactly what you want. See the example in my previous post if you need help configuring fail2ban and apache-auth in Ubuntu.
|
|
|
01-31-2017, 06:41 AM
|
#5
|
Member
Registered: Mar 2012
Location: Karachi
Distribution: Ubuntu, RedHat, CentOs,
Posts: 104
Original Poster
Rep: 
|
I have followed your fail2ban example and did exactly the same procedure, but unfortunately it's not working; the policy didn't ban my IP.
Further, I have some other rules as well which are working fine.
|
|
|
01-31-2017, 07:39 AM
|
#6
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,233
|
Quote:
Originally Posted by gemmajid
I have followed your fail2ban example and did exactly the same procedure, but unfortunately it's not working; the policy didn't ban my IP.
Further, I have some other rules as well which are working fine.
|
Are you sure you've enabled the apache jail and ignoreip does not list your IP(s)?
Code:
[apache]
enabled = true
...
ignoreip = x.x.x.x
...
And you can always check if the jail regexes work in your case by taking a line from error_log and testing it with fail2ban-regex like this:
Code:
fail2ban-regex '[Tue Jan 31 15:05:58 2017] [error] [client 127.0.0.1] user guest: authentication failure for "/test": Password Mismatch' /etc/fail2ban/filter.d/apache-auth.conf
|
|
|
01-31-2017, 09:14 AM
|
#7
|
LQ Veteran
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Rep: 
|
Test it?
Code:
fail2ban-regex /var/log/apache2/error.log /etc/fail2ban/filter.d/apache-auth.conf
|
|
|
01-31-2017, 11:21 PM
|
#8
|
Member
Registered: Mar 2012
Location: Karachi
Distribution: Ubuntu, RedHat, CentOs,
Posts: 104
Original Poster
Rep: 
|
I'm getting something like below while testing.
Quote:
Running tests
=============
Use failregex file : /etc/fail2ban/filter.d/apache-auth.conf
Use log file : /var/log/apache2/error.log
Results
=======
Failregex: 0 total
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [38] WEEKDAY MONTH Day Hour:Minute:Second[.subsecond] Year
`-
Lines: 38 lines, 0 ignored, 0 matched, 38 missed
Missed line(s): too many to print. Use --print-all-missed to print all 38 lines
|
|
|
|
02-01-2017, 12:29 AM
|
#9
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,233
|
Quote:
Lines: 38 lines, 0 ignored, 0 matched, 38 missed
|
Could you post these 38 lines of error.log here?
|
|
|
02-01-2017, 01:02 AM
|
#10
|
Member
Registered: Mar 2012
Location: Karachi
Distribution: Ubuntu, RedHat, CentOs,
Posts: 104
Original Poster
Rep: 
|
Have a look
Quote:
Lines: 21 lines, 0 ignored, 0 matched, 21 missed
|- Missed line(s):
| [Wed Feb 01 11:45:14.783583 2017] [ssl:warn] [pid 19607] AH01906: TestingServer:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
| [Wed Feb 01 11:45:15.000331 2017] [:warn] [pid 19607] mod_wsgi: Compiled for Python/2.7.8.
| [Wed Feb 01 11:45:15.000410 2017] [:warn] [pid 19607] mod_wsgi: Runtime using Python/2.7.9.
| [Wed Feb 01 11:45:15.004018 2017] [mpm_prefork:notice] [pid 19607] AH00163: Apache/2.4.10 (Ubuntu) OpenSSL/1.0.1f mod_wsgi/3.5 Python/2.7.9 configured -- resuming normal operations
| [Wed Feb 01 11:45:15.004100 2017] [core:notice] [pid 19607] AH00094: Command line: '/usr/sbin/apache2'
| [Wed Feb 01 11:48:20.539715 2017] [mpm_prefork:notice] [pid 19607] AH00169: caught SIGTERM, shutting down
| [Wed Feb 01 11:48:21.389386 2017] [ssl:warn] [pid 20182] AH01906: TestingServer:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
| [Wed Feb 01 11:48:22.000681 2017] [:notice] [pid 20182] ModSecurity for Apache/2.8.0 (http://www.modsecurity.org/) configured.
| [Wed Feb 01 11:48:22.001087 2017] [:notice] [pid 20182] ModSecurity: APR compiled version="1.5.1-dev"; loaded version="1.5.1"
| [Wed Feb 01 11:48:22.001359 2017] [:warn] [pid 20182] ModSecurity: Loaded APR do not match with compiled!
| [Wed Feb 01 11:48:22.001375 2017] [:notice] [pid 20182] ModSecurity: PCRE compiled version="8.31 "; loaded version="8.35 2014-04-04"
| [Wed Feb 01 11:48:22.001391 2017] [:warn] [pid 20182] ModSecurity: Loaded PCRE do not match with compiled!
| [Wed Feb 01 11:48:22.001499 2017] [:notice] [pid 20182] ModSecurity: LUA compiled version="Lua 5.1"
| [Wed Feb 01 11:48:22.001520 2017] [:notice] [pid 20182] ModSecurity: LIBXML compiled version="2.9.1"
| [Wed Feb 01 11:48:22.002914 2017] [:notice] [pid 20182] ModSecurity: StatusEngine call: "2.8.0,Apache,1.5.1-dev/1.5.1,8.31/8.35 2014-04-04,Lua 5.1,2.9.1,460d391b147a8b1ea73a938993d7f2a9b93a5584"
| [Wed Feb 01 11:48:22.109494 2017] [:notice] [pid 20182] ModSecurity: StatusEngine call successfully sent. For more information visit: http://status.modsecurity.org/
| [Wed Feb 01 11:48:22.165535 2017] [ssl:warn] [pid 20184] AH01906: TestingServer:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
| [Wed Feb 01 11:48:23.001110 2017] [:warn] [pid 20184] mod_wsgi: Compiled for Python/2.7.8.
| [Wed Feb 01 11:48:23.001298 2017] [:warn] [pid 20184] mod_wsgi: Runtime using Python/2.7.9.
| [Wed Feb 01 11:48:23.010172 2017] [mpm_prefork:notice] [pid 20184] AH00163: Apache/2.4.10 (Ubuntu) OpenSSL/1.0.1f mod_wsgi/3.5 Python/2.7.9 configured -- resuming normal operations
| [Wed Feb 01 11:48:23.010584 2017] [core:notice] [pid 20184] AH00094: Command line: '/usr/sbin/apache2'
|
|
|
|
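Added example, not part of any post in this thread and not fail2ban's own code: a simplified Python stand-in for what an auth-failure jail does with error.log lines, covering the `ignoreip` check from post #6 and the "0 matched" result in posts #8 and #10. The regex, the `would_ban` function, the `maxretry`/`findtime` values and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified stand-in for an auth-failure filter (NOT fail2ban's own regex).
# The optional groups accept both the Apache 2.2 and 2.4 error_log layouts.
AUTH_FAIL = re.compile(
    r'^\[(?P<ts>[^\]]+)\] \[(?:\w*:)?error\] (?:\[pid \d+(?::tid \d+)?\] )?'
    r'\[client (?P<ip>[\d.]+)(?::\d+)?\] (?:AH\d+: )?'
    r'user .*(?:authentication failure|not found)'
)

def parse_ts(ts):
    # Apache 2.4 adds microseconds: "Wed Feb 01 11:50:01.100000 2017"
    fmt = "%a %b %d %H:%M:%S.%f %Y" if "." in ts else "%a %b %d %H:%M:%S %Y"
    return datetime.strptime(ts, fmt)

def would_ban(lines, maxretry=3, findtime=600, ignoreip=()):
    """Return (matched, missed, banned_ips) for the given log lines."""
    ignored = [ipaddress.ip_network(n) for n in ignoreip]
    window = timedelta(seconds=findtime)
    hits, banned, matched, missed = defaultdict(deque), set(), 0, 0
    for line in lines:
        m = AUTH_FAIL.match(line)
        if not m:
            missed += 1          # startup notices etc. land here
            continue
        matched += 1
        if any(ipaddress.ip_address(m["ip"]) in net for net in ignored):
            continue             # line matched, but ignoreip exempts the client
        q, now = hits[m["ip"]], parse_ts(m["ts"])
        q.append(now)
        while now - q[0] > window:   # keep only failures inside findtime
            q.popleft()
        if len(q) >= maxretry:
            banned.add(m["ip"])
    return matched, missed, sorted(banned)

# Constructed sample: one startup notice, then three failures per client
# (2.4 layout from 192.0.2.10, 2.2 layout from 127.0.0.1).
MSG = 'user guest: authentication failure for "/test": Password Mismatch'
SAMPLE = ["[Wed Feb 01 11:48:23.010584 2017] [core:notice] [pid 20184] "
          "AH00094: Command line: '/usr/sbin/apache2'"]
for s in range(3):
    SAMPLE.append(f"[Wed Feb 01 11:50:0{s}.100000 2017] [auth_basic:error] "
                  f"[pid 20190] [client 192.0.2.10:51234] AH01617: {MSG}")
    SAMPLE.append(f"[Wed Feb 01 11:50:0{s} 2017] [error] [client 127.0.0.1] {MSG}")

print(would_ban(SAMPLE, ignoreip=("127.0.0.0/8",)))
```

A `matched` count of 0, as in the fail2ban-regex output above, means no ban can trigger whatever the jail settings are, so the first thing to confirm is that failed logins are actually written to the file the jail reads.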
02-01-2017, 01:23 AM
|
#11
|
Member
Registered: Mar 2012
Location: Karachi
Distribution: Ubuntu, RedHat, CentOs,
Posts: 104
Original Poster
Rep: 
|
I assumed that failed-attempt logs are not being generated in the error.log file, as I'm unable to view any entry there. Further, modsecurity is enabled on my server.
modsecurity_audit.log has details of authentication attempts.
|
|
|
02-01-2017, 01:57 AM
|
#12
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,233
|
Quote:
Originally Posted by gemmajid
I assumed that failed-attempt logs are not being generated in the error.log file, as I'm unable to view any entry there. Further, modsecurity is enabled on my server.
modsecurity_audit.log has details of authentication attempts.
|
Failed attempts should be logged like in my post #6.
Now if mod_security is logging those attempts in a different logfile, then adapt the apache-auth regexes accordingly.
But since you have mod_security enabled, why don't you use it to ban brute-force attacks?
|
|
|
02-01-2017, 02:19 AM
|
#13
|
Member
Registered: Mar 2012
Location: Karachi
Distribution: Ubuntu, RedHat, CentOs,
Posts: 104
Original Poster
Rep: 
|
OK, can you guide me where to add that script which you posted earlier?
|
|
|
02-01-2017, 03:59 AM
|
#14
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,233
|
Quote:
Originally Posted by gemmajid
OK, can you guide me where to add that script which you posted earlier?
|
What script? You mean the mod_security example?
I think it's self-explanatory. In the example the poster uses mod_security to protect /sessions.
And of course the code goes into the Apache config file (apache2.conf for Ubuntu), or if it's for a vhost, into the vhost config (/etc/apache2/sites-available/vhost-config).
|
|
|
02-01-2017, 06:08 AM
|
#15
|
Member
Registered: Mar 2012
Location: Karachi
Distribution: Ubuntu, RedHat, CentOs,
Posts: 104
Original Poster
Rep: 
|
Quote:
Originally Posted by bathory
What script? You mean the mod_security example?
I think it's self-explanatory. In the example the poster uses mod_security to protect /sessions.
And of course the code goes into the Apache config file (apache2.conf for Ubuntu), or if it's for a vhost, into the vhost config (/etc/apache2/sites-available/vhost-config).
|
I have followed the modsecurity example mentioned by you earlier; I have entered the code in the vhost file as well, but no success yet.
|
|
|
All times are GMT -5.